
Welcome to ShmooCon 2010 



When we last met... 



February 5th, 2010 



Monday, March 1, 2010 



Best Twitter Quote 



*@dallendoug Snow is the NEW Advanced Persistent Threat

SnOMFG!




* Seriously, some quick thoughts on the snow 

* If you're traveling, travel safely 

* Be prepared: hard to know what will be open tomorrow. May not 
hurt to stock up a bit 

* Quick stats: 

* ~1550 people... tho with the snow, probably a few less. 

* 100% more snow 

* 37 talks (the same number as last year) 

* All talks on the same floor this year 

* J rooms on your left, T rooms on your right 

Talks and such



* Keeping the same format as last year 

* Friday Night: Plenary short talks... right here in this room 

* Saturday: Three tracks 

* Build It: here 

* Break It: over there 

* Bring It On: Across the hall (Wilson Rooms) 

* Sunday: Starting with three tracks, ending with one 

* Don't be afraid to leave the Ballroom and find the BIO talks 

The Network



* 4th year of ShmooCon Labs 

* 36 hours to get it done 

* 40 attendees with 4 leads 

* 10 sponsors 

* 170+ planning emails

* Wireless network 

* shmoocon: Open 802.11a/b/g no authentication 

* shmoocon-wpa: WPA Enterprise requires creating an account and 
some other shenanigans 

* shmoocon-double-down: An easter egg mosh pit network 
populated with "stuff" for your pleasure 

* For information on creating an account for shmoocon-wpa network 
please visit https://labs.shmoocon.net 

* Stop by the lab and check it out 

Shmooballs



* Physical manifestation of the bullshit flag 

* Throw them at the speaker if you disagree with them 

* Note the key word "throw" 

* There's a point to the little critters 

* Facilitate honest discourse through some physical frivolity 

* Please don't forget that 

Shmooball Launcher Contest



* Yeah, we know. Shmooballs are fun...

* So much fun that there's a contest to build the 
best launcher 

* Didn't build a launcher? There's a category
for "best launcher built at the con" 

* Good luck getting to Home Depot on Sat ;) 

* AND! They can hurt (trust me) and some ppl 
don't have the raging sense of humor I have 

* Seriously, launchers are only to be used on 
the firing range (contest room) 

* In the talk rooms? Use your arm. 



Didn't we use this picture last year?

Hack or Halo






Chris "!!l!eleventy!!l!" Compton 




* Break stuff! Shoot people! Win stuff! 

* Practice tonight, real game is tomorrow 

* All skills welcome (no need to be uber-1337!) 



* Stop by the table to sign up, or for more information (it's by 
registration!) 

* Winners get cool prizes 

Hacker Arcade and TF2 Tourney




* Next to the LP Village 

* Stop by and play some cool games 

* All proceeds go to Red Cross 

* There's an extra donation jar... .25 doesn't add up very quickly 

* Team Fortress 2 tournament 

* We've tried to turn TF2 into a spectator sport... custom scoreboard, 
custom HUD, and lots of commentary 

* Team Fortress 2 Cheater tournament 

* Bring your own cheats, or use ours

* When matches aren't being played, it's open seating :) 

Ghost In the Shellcode



* Sign-up in the contest room 



* 'nuffsaid 

Other Contests



* Shmooganography 

* Various contests at sponsor tables 



* BarCode Shmarcode 



* ooooo.. a hidden contest 

* Winners of everything to be announced at the end of the con 

Lockpick Village



* Learn 



* Touch 



* Do 



Seriously, doesn't matter if 
you're a pro or have never 
picked a lock. Stop by and 
try it out 

T-Shirt Charities



* $10 donation gets you a free t-shirt and a token 

* Put your token in the bucket of your choice and that charity gets your 
$10 



* EFF



* Ihackcharities 



* American Red Cross 



* $10 for a t-shirt? Better get them quick. 



And a Word from EFF

Parties!



* Friday Night? 

* Saturday Night



Heaven and Hell in Adams Morgan 



* 8:00 - midnight Open Bar 

* Wristbands at Registration Desk - 1 per customer 

Feedback



* feedback.shmoocon.org 

* Provide feedback on the speakers, the con, or whatever else you 
want 

* Please, Please, Please... provide feedback 

Video and Picture Policy






* Yeah! Ted! MediaArchives.com 

* Ted is filming and selling DVDs again this year

* We will post videos online after the con 

* Please buy from Ted if you can. Ted Rocks. 

* Video being streamed live 

* http://www.shmoocon.org/video.html 

* Picture policy 

* The full policy is in the program. But in summary: Badge. 

* Everyone in your frame must explicitly be OK 
with being in the picture 

* One official picture person (Carson, please stand) 

* There are Press folks here too. They (like you) 
have to adhere to the picture and video policy 



The Press 

Friendly Warnings



* Read the hotel info in the Program 

* Also, you must wear your badges at all times 

* #wemeanitreally 



* Nuffsaid 

Key Staff



* Heidi - Leader of the pack. Take questions to others first if you can 

* Luiz - Leader of the bits in the air and on the wire 

* Bob - Photon and acoustic wrangler 

* Tamzen - Registration 

* GM1 / Freshman - Security leads 

* Me - Free agent 

Where's my soapbox?

A year filled with insanity



* Started with the piggy flu... 

DHS taught us how to sneeze...




We don't need to teach common sense...

We all practice common sense... right?



* APT 

* APT 

* APT 

* It's on everyone's mind... 

* The Google compromises were eye openers for management 

* But we knew most of this all along 

* What can we do to fight APT? 



* Trusted systems 

* Better detection/analysis

* Risk-based security programs 

But really, what's pragmatic?



* The attackers use many basic aspects of our network against us 

* We all have password policies levied against ALL systems, right? 

* We have auditing in place everywhere it should be, right? 

* We have networks segregated in a manner to prevent unauthorized 
access, right? 

We're not sneezing on to our sleeves



* There's "common sense" in network security 
* Amazingly we're not practicing it 



* WE ARE ALLOWING THIS TO HAPPEN.

Concerns over air security



* Christmas day bomber 



* 3, 1, 1 



* Body scans 

* $100s of billions a year spent to prevent attacks before they happen

* Attackers with much less money still find ways around our 
defenses 

* A great use of money? 

Our security theatre is funny to other countries...

We don't practice security theatre, right?



* How many billions of dollars are spent each year on information
security products?

* Attackers with way fewer resources are ACTIVELY compromising 
our systems 

* Arguably, a worse situation than air security. At least they're 
spending money and are being successful at stopping attacks 

* Those TSA parody videos aren't as funny when you look at it like 
that. 

Whew!



That's it. Enjoy the con! 